# JetBrains Plugin

## About

JetBrains IDEs are powerful integrated development environments used by millions of developers worldwide for building applications across various programming languages and frameworks. Whether you're developing in Java, Python, JavaScript, or any other supported language, JetBrains IDEs provide comprehensive tools for coding, debugging, and deployment.

The Keeper Security plugin allows JetBrains IDE users to integrate with Keeper Security vault to make managing secrets in development workflows easier and more secure. The plugin enables developers to replace hardcoded secrets with vault references and execute commands with injected credentials without exposing sensitive data.

## Features

* **Secret Management**: Save, retrieve, and generate secrets directly from JetBrains IDEs using the Keeper Vault
* **Secure Execution**: Run commands with secrets injected from the Keeper Vault through `.env` file processing
* **Folder Management**: Select and manage Keeper vault folders for organized secret storage
* **Record Operations**: Create new records, update existing ones, and retrieve field references
* **Cross-platform support**: Windows, macOS, Linux

## Prerequisites

* **Keeper Commander CLI**
  * Must be installed and authenticated on your system
  * Download from [Keeper Commander Installation Guide](https://docs.keeper.io/en/keeperpam/commander-cli/commander-installation-setup)
  * Authenticate using [Persistent login](https://docs.keeper.io/en/keeperpam/commander-cli/commander-installation-setup/logging-in#persistent-login-sessions-stay-logged-in) or [Biometric login](https://docs.keeper.io/en/keeperpam/commander-cli/commander-installation-setup/logging-in#logging-in-with-biometric-authentication)
  * **Keeper Security Account**: Active subscription with vault access
* **System Requirements**
  * **JetBrains IDE**: Version 2021.1 or later (IntelliJ IDEA, PyCharm, WebStorm, PhpStorm, RubyMine, CLion, GoLand)
  * **Java**: Version 11 or later
  * **Python**: Version 3.6+ (required for Keeper Commander CLI)

## Setup <a href="#configuring-discovery-credentials" id="configuring-discovery-credentials"></a>

### Installation

**Using JetBrains Marketplace**

1. Open your JetBrains IDE
2. Go to **File** → **Settings** → **Plugins** (or IntelliJ IDEA → Preferences → Plugins on macOS)
3. Search for "**Keeper Security**"
4. Click "**Install**" and restart the IDE

### Authentication

The plugin supports two authentication methods through Keeper Commander CLI:

**Method 1: Biometric Authentication**

```
# Login to Keeper
keeper shell

# Register biometric authentication
biometric register

# Follow prompts to set up biometric authentication
```

**Method 2: Persistent Login**

```markup
# Login to Keeper
keeper shell

# Register device for persistent login
this-device register

# Enable persistent login
this-device persistent-login on

# Verify configuration
this-device
```

#### Plugin Verification

1. Open any JetBrains IDE
2. Go to Tools → Keeper Vault → Check Keeper Authorization
3. Verify the authentication status shows success

## Usage <a href="#usage" id="usage"></a>

All Keeper actions are available through:

1. Tools Menu: Tools → Keeper Vault → \[Action]
2. Right-click Context Menu: Right-click in editor → \[Action]

### Available Commands

| Command                    | Description                                                      | Use Case                                                   |
| -------------------------- | ---------------------------------------------------------------- | ---------------------------------------------------------- |
| Check Keeper Authorization | Verify Keeper CLI installation and authentication status         | Troubleshoot connection issues and verify setup            |
| Get Keeper Secret          | Insert existing secrets from vault as references                 | Retrieve stored secrets without exposing actual values     |
| Add Keeper Record          | Save selected text as secret in vault and replace with reference | Replace hardcoded secrets with vault references            |
| Update Keeper Record       | Update existing vault record with new value from selected text   | Modify existing secrets while maintaining references       |
| Generate Keeper Secret     | Generate secure password and store in vault                      | Create new secure credentials automatically                |
| Get Keeper Folder          | Select vault folder for organizing new records                   | Organize secrets in specific vault folders                 |
| Run Keeper Securely        | Execute commands with secrets injected from .env file            | Run applications with vault secrets in runtime environment |

### Basic Secret Management

1. Retrieving Existing Secrets

```python
# Position cursor where you want the secret reference
database_password = |

# Use: Tools → Keeper Vault → Get Keeper Secret
# Select record and field from vault
# Result:
database_password = keeper://abc123def456/field/password
```

2. Adding New Secrets

```javascript
// Select the secret text
const apiKey = "sk-1234567890abcdef";

// Use: Right-click → Add Keeper Record
// Enter title and field name
// Result:
const apiKey = keeper://new-record-uid/field/api_key;
```

3. Generating Secure Passwords

```
# Position cursor
admin_password: |

# Use: Tools → Keeper Vault → Generate Keeper Secret
# Enter record details
# Result:
admin_password: keeper://generated-record-uid/field/password
```

### Secure Command Execution

#### Environment **File Setup**

Create a `.env` file with Keeper references, for example:

```
DATABASE_URL=keeper://db-record-uid/field/connection_string
API_KEY=keeper://api-record-uid/field/key
SECRET_KEY=keeper://app-record-uid/field/secret
JWT_SECRET=keeper://auth-record-uid/field/jwt_key
```

**Running Commands with Injected Secrets**

1. Right-click in your project → Run Keeper Securely
2. Select or confirm the `.env` file
3. Enter your command (e.g., python3 app.py)
4. Plugin fetches secrets and creates terminal with injected environment variables

```bash
# Plugin executes your command with actual values:
python3 app.py
# Environment contains:
# DATABASE_URL=postgresql://user:pass@host:5432/db
# API_KEY=ak_live_1234567890abcdef
# SECRET_KEY=super-secret-key-value
# JWT_SECRET=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
```

#### Complete Workflow Example

```python
# 1. Start with hardcoded secrets (bad practice)
import os
import requests

DB_PASSWORD = "hardcoded_password_123"
API_TOKEN = "secret_api_token_xyz"

# 2. Select and replace with vault references
# Use: Add Keeper Record for each secret
DB_PASSWORD = keeper://db-creds-uid/field/password
API_TOKEN = keeper://api-creds-uid/field/token

# 3. Create .env file for secure execution
# .env contents:
# DB_PASSWORD=keeper://db-creds-uid/field/password
# API_TOKEN=keeper://api-creds-uid/field/token

# 4. Run application securely
# Use: Run Keeper Securely with command "python3 my_app.py"
```

## Actions Reference <a href="#resources" id="resources"></a>

### Check Keeper Authorization <a href="#ksm_install" id="ksm_install"></a>

Verifies Keeper CLI installation and authentication status.

Usage: **Tools** → **Keeper Vault** → **Check Keeper Authorization**

Purpose: Troubleshoot connection issues and verify setup

### Get Keeper Secret <a href="#ksm_install" id="ksm_install"></a>

Retrieves existing secrets from vault as references.

Usage: Position cursor, then **Tools** → **Keeper Vault** → **Get Keeper Secret**

Properties:

* Input: Cursor position in editor
* Output: Keeper reference inserted at cursor
* Format: `keeper://record-uid/field/field-name`

### Add Keeper Record <a href="#ksm_install" id="ksm_install"></a>

Creates new vault record from selected text and replaces with reference.

Usage: Select text, then **right-click** → **Add Keeper Record**

Properties:

* Input: Selected text containing secret
* Output: Selected text replaced with Keeper reference
* Prompts: Record title, field name

### Update Keeper Record <a href="#ksm_install" id="ksm_install"></a>

Updates existing vault record with new value from selected text.

Usage: Select text, then **right-click** → **Update Keeper Record**

Properties:

* Input: Selected text with updated secret value
* Output: Text replaced with existing record reference
* Selection: Choose existing record and field to update

### Generate Keeper Secret <a href="#ksm_install" id="ksm_install"></a>

Generates secure password and stores in vault.

Usage: Position cursor, then **Tools** → **Keeper Vault** → **Generate Keeper Secret**

Properties:

* Input: Cursor position
* Output: Generated secure password reference
* Configuration: Automatic strong password generation

### Get Keeper Folder <a href="#ksm_install" id="ksm_install"></a>

Selects vault folder for organizing new records.

Usage: **Tools** → **Keeper Vault** → **Get Keeper Folder**

Properties:

* Purpose: Set default folder for new records
* Scope: Applies to current workspace/project
* Persistence: Selection remembered across IDE sessions

### Run Keeper Securely <a href="#ksm_install" id="ksm_install"></a>

Executes commands with secrets injected from .env file.

Usage: **Right-click in project** → **Run Keeper Securely**

Properties:

* Input: `.env` file with Keeper references
* Process: Fetches actual secret values from vault
* Output: Terminal with injected environment variables
* Security: No secret values exposed in IDE or file system

## Platforms <a href="#platforms" id="platforms"></a>

The following platforms are supported:

* Linux: Ubuntu 18.04+, CentOS 7+, RHEL 7+, Debian 9+, Fedora 30+
* macOS: 10.14+ (Mojave and later)
* Windows: Windows 10+, Windows Server 2016+

## Requirements <a href="#requirements" id="requirements"></a>

### JetBrains IDEs <a href="#chef-1" id="chef-1"></a>

* IntelliJ IDEA: 2021.1+
* PyCharm: 2021.1+
* WebStorm: 2021.1+
* PhpStorm: 2021.1+
* RubyMine: 2021.1+
* CLion: 2021.1+
* GoLand: 2021.1+
* DataGrip: 2021.1+
* Rider: 2021.1+

### Dependencies <a href="#dependencies" id="dependencies"></a>

* Java Runtime: 11+ (provided by JetBrains IDE)
* Python: 3.6+ (for Keeper Commander CLI)
* pip: Latest version (for CLI installation)